On Thu, Sep 09, 1999, randyboy wrote:
> I'm new to modssl and need clarification on a couple of implementation
> issues.
> I understand that each ssl-enabled http server needs its own
> IP. However, would it be possible to have X number of name-based
> virtualhosts and one single ssl-enabled web host using a single
> IPs.
Yes.
> Furthermore, would this one secured website be the default one whose
> contents are that of the default DocumentRoot that I would get by going to
> https://my.single.ip.address.
Yes.
> Based on mailing list archives and that one bit in the faq, it seems
> that self-signing a certificate is doable. Would this be a feasible path
> to take if we're setting up a secured site for only a few people?
No. Some browsers totally reject self-signed certs. And even if you have only
a small user group you should create a custom certificate. The used CA can be
also your own one, of course. Just use "make certificate TYPE=custom" to
create such a certificate while installing Apache+mod_ssl.
> Which
> benefits of using ssl would be nullified by doing things this way?
SSl features are not nullified this way. But as I said, you get
problems with some browsers.
> I imagine the obvious would be that I don't have the anonymous third party
> there to certify the transaction, but shouldn't that not matter since those
> who are importing certificates that they get directly from us probably
> trust us as it is? yes, no?
As long as your customers trust your custom CA there is no difference to a
"real third party CA". At least for SSL there is no difference. It's just what
your clients trust more.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
